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TNT THE CLAIMS 
The pending unamended claims are reproduced below as follows: 

1. (PREVIOUSLY PRESENTED) A network multiplexing and tunneling system, 
comprising at least two devices connected across a network by a secure connection created at a user- 
level, wherein the secure connection is a single encrypted Secure Sockets Layer (SSL) Transmission 
Control Protocol (TCP) connection, each of the devices authenticates the other device after the 
secure connection is opened, at least one of the devices multiplexes other connections through the 
secure connection after both the devices have been authenticated, and either endpoinr of the secure 
connection can receive connection requests for the multiplexed other connections. 

2. (ORIGINAL) The system of claim 1, wherein the other connections are selected from a 
group comprising Transmission Control Protocol (TCP) and UDP (User Datagram Protocol) 
connections. 

3. (ORIGINAL) The system of claim 1, wherein the secure connection is symmetric. 

4. (CANCELED) 

5. (ORIGINAL) The system of claim 1, wherein either endpoint of the secure connection 
can receive data, 

6. (ORIGINAL) The system of claim 1, further comprising means for maintaining send 
buffers on each endpoinr, 

7. (ORIGINAL) The system of claim 1, further comprising means for forwarding data 
through the secure connection when there are sufficient send buffers for receiving the forwarded 
data on the other endpoint. 

8. (ORIGINAL) The system of claim 1, further comprising means for queuing data received 
at each endpoint. 
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9. (ORIGINAL) The system of claim 8, further comprising means for dispatching the 
queued data at each endpoint to its final destination, ' 

10. (ORIGINAL) The system of claim 9, further comprising means for acknowledging 
receipt of the data after the queued data is dispatched to its final destination, thereby tracking usage 
of buffers at the endpoint. 

11. (ORIGINAL) The system of claim 1, further comprising means for buffering data 
transmitted through the multiplexed other connections for flow control through the secure 
connection. 

12. (ORIGINAL) The system of claim 1, further comprising means for resolving domain 
names through the secure connection. 

13. (ORIGINAL) The system of claim 1, further comprising means for operating; the secure 
connection according to a mode selected from a group comprising a standalone proxy mode, a 
packet filter mode, and a SOCXetS server (SOCK.S) mode. 

14. (ORIGINAL) The system of claim 1, wherein the endpoints comprise a Portal and a 

Gate. 

15. (ORIGINAL) The system of claim 14, wherein the Gate comprises a server executed by 
a firewall bastion host computer. 

16. (ORIGINAL) The system of claim 14, wherein the Portal comprises a client executed by 
a user's computer. 

17. (ORIGINAL) The system of claim 1, further comprising means for accessing an Intranet 
from the Internet using the secure connection. 
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18. (ORIGINAL) The system of claim 17, further comprising means for creating a 
connection from a Portal on a client computer on the Internet to a Gate on a firewall bastion host 
computer on the Intranet through the secure connection. 

19. (ORIGINAL) The system of claim 17, further comprising means for creating a 
connection from a Portal on a client computer on the Internet to a proxy on a firewall bastion host 
computer on the Intranet through the secure connection and from the proxy to a Gate on a host 
computer on the Intranet through the secure connection. 

20. (ORIGINAL) The system of claim 17, further comprising means for creating a 
connection from a Portal on a client computer on the Internet to a packet filter on a firewall bastion 
host computer on the Intranet through the secure connection and from the packet filer to a Gate on 
a host computer on the Intranet through the secure connection. 

21. (ORIGINAL) The system of claim 1, further comprising means for accessing the 
Internet from an Intranet using the secure connection. 

22. (ORIGINAL) The system of claim 21, further comprising means for creating a 
connection from a Portal on a client computer on the Intranet to a Gate on a host computer on the 
Internet through the secure connection. 

23. (ORIGINAL) The system of claim 21, further comprising means for creating a 
connection from a Portal on a firewall bastion host computer on the Intranet to a host computer on 
the Internet through the secure connection. 

24. (ORIGINAL) The system of claim 21, further comprising means for creating a 
connection from a Portal on a client computer on the Intranet to a proxy on a firewall bastion host 
computer on the Intranet through the secure connection and from the proxy to a Gate on a host 
computer on the Internet through the secure connection. 

25. (ORIGINAL) The system of claim 21, further comprising means for creating a 
connection from a Portal on a client computer on the Intranet to a packet filter on a firewall bastion 
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host computer on the Intranet through the secure connection and from the packet filer to a Gate on 
a host computer on the Internet through the secure connection. 

26. (ORIGINAL) 'Hie system of claim 1, further comprising means for accessing a first 
Intranet from a second Intranet across the Internet using the secure connection, 

27. (ORIGINAL) The system of claim 26, further comprising means for creating a 
connection from a Portal on a client computer on the first Intranet to a Gate on a firewall bastion 
host computer on the first Intranet through the secure connection, and from the Gate on the 
firewall bastion host computer on the first Intranet through the Internet to a Gate on a firewall 
bastion host computer on the second Intranet through the secure connection, and from the Gate on 
the firewall bastion host computer on the second Intranet to a host computer on the second 
Intranet through the secure connection. 

28. (ORIGINAL) The system of claim 1, wherein records are exchanged between the- 
endpoints of the secure connection. 

29. (ORIGINAL) The system of claim 28, wherein the records are selected from a group 
comprising: UsherOpen, UsherOpenReply, UsherSend, UsheiCose, UsherSendUdp, UsherAck, 
UsherEnd, and UsherRST records. 

30. (ORIGINAL) The system of claim 29, wherein the UsherOpen records are sent by a 
Portal to a Gate to open a Transmission Control Protocol (TCP) connection, 

31. (ORIGINAL) The system of claim 29, wherein the UsherOpenReply records are sent by 
a Gate to a Portal to respond to an UsherOpen record. 

32. (ORIGINAL) The system of claim 29, wherein the UsherSend records are sent by either 
a Gate or a Portal to transmit data therebetween. 

33. (ORIGINAL) The system of claim 29, wherein the UsherAck records are sent by either a 
Gate or a Portal to acknowledge a receipt of data therebetween. 
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34. (ORIGINAL) The system of claim 29, wherein the LfeherAck records are not send when 
data received by either a Gate or a Portal is queued prior to being forwarded to its destination. 

35. (ORIGINAL) The system of claim 29, wherein the UsherAck records are sent only when 
data received by either a Gate or a Portal has been forwarded to its destination. 

36. (ORIGINAL) Hie system of claim 29, wherein the UsherQose records are sent by either 
a Gate or a Portal to terminate a session. 

37. (ORIGINAL) The system of claim 29, wherein the UsherSendUdp records are sent by 
either a Gate or a Portal to transmit TJDP (User Datagram Protocol) packets therebetween. 

38. (ORIGINAL) The system of claim 29, wherein the UsherEnd records are sent by either 
a Gate or a Portal to terminate a multiplexed other connection. 

39. (ORIGINAL) Tne system of claim 29, wherein the UsherRST records are sent by either 
a Gate or a Portal to reset a multiplexed other connection. 

40. (PREVIOUSLY PRESENTED) A transmission media communicating data via a secure 
connection created at a user-level between two endpoints in a network, wherein the secure 
connection is a single encrypted Secure Sockets Layer (SSL) Transmission Control Protocol (TCP) 
connection, each of the endpoints authenticates the other device after the secure connection is 
opened, at least one of the endpoints mulriplexes other connections through the secure connection 
after both the endpoints have been authenticated, and either endpoint of the secure connection can 
receive connection requests for the multiplexed other connections. 

41. (ORIGINAL) The transmission media of claim 40, wherein the other connections are 
selected from a group comprising Transmission Control Protocol (TCP) and TJDP (User Datagram 
Protocol) connections. 
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42. (ORIGINAL) The transmission media of claim 40, wherein the secure connection is 

symmetric. 

43. (CANCELED) 

44. (ORIGINAL) The transmission media of claim 40, wherein ekher endpoint of the secure 
connection can receive data, 

45. (ORIGINAL) The transmission media of claim 40, further comprising maintaining send 
buffers on each endpoint. 

46. (ORIGINAL) The transmission media of claim 40, further comprising forwarding data 
through the secure connection when there are sufficient send buffers for receiving the forwarded 
data on the other endpoint. 

47. (ORIGINAL) The transmission media of claim 40, further comprising queuing data 
received at each endpoint. 

48. (ORIGINAL) The transmission media of claim 47, further comprising dispatching the 
queued data at each endpoint to its final destination. 

49. (ORIGINAL) The transmission media of claim 48, further comprising acknowledging 
receipt of the data after the queued data is dispatched to its final destination, thereby tracing usage 
of buffers at the endpoint. 

50. (ORIGINAL) The transmission media of claim 40, further comprising buffering data 
transmitted through the multiplexed other connections for flow control through the secure 
connection. 

51. (ORIGINAL) The transmission media of claim 40, further comprising resolving domain 
names through the secure connection. 
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52. (ORIGINAL) Hie transmission media of claim 40, further comprising operating the 
secure connection according to a mode selected from a group comprising a standalone proxy mode, 
a packet filter mode, and a SOCKetS server (SOCKS) mode. 

53. (ORIGINAL) The transmission media of claim 40, wherein the endpoints comprise a 
Portal and a Gate. 

54. (ORIGINAL) The transmission media of claim 53, -wherein the Gate comprises a server 
executed by a firewall bastion host computer. 

55. (ORIGINAL) The transmission media of claim 53, wherein the Portal comprises a client 
executed by a user's computer, 

56. (ORIGINAL) The transmission media of claim 40, further comprising accessing an 
Intranet from the Internet using the secure connection. 

57. (ORIGINAL) The transmission media of claim 56, further comprising creating a 
connection from a Portal on a client computer on the Internet to a Gate on a firewall bastion host 
computer on the Intranet through the secure connection. 

58. (ORIGINAL) The transmission media of claim 56, further comprising creating a 
connection from a Portal on a client computer on the Internet to a proxy on a firewall bastion host 
computer on the Intranet through the secure connection and from the proxy to a Gate on a host 
computer on the Intranet through the secure connection. 

59. (ORIGINAL) The transmission media of claim 56, further comprising creating a 
connection from a Portal on a client computer on the Internet to a packet filrer on a firewall bastion 
host computer on the Intranet through the secure connection and from the packet filer to a Gate on 
a host computer on the Intranet through the secure connection. 

60. (ORIGINAL) The transmission media of claim 40, further comprising accessing the 
Internet from an Intranet using the secure connection. 
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61. (ORIGINAL) The transmission media of claim 60, further comprising creating a 
connection from a Portal on a client computer on the Intranet to a Gate on a host computer on the 
Internet through the secure connection. 

62. (ORIGINAL) The transmission media of claim 60, further comprising creating a 
connection from a Portal on a firewall bastion host computer on the Intranet to a host computer on 
the Internet through the secure connection. 

63. (ORIGINAL) The transmission media of claim 60, further comprising creating a 
connection from a Portal on a client computer on the Intranet to a proxy on a firewall bastion host 
computer on the Intranet through the secure connection and from the proxy to a Gate on a host 
computer on the Internet through the secure connection. 

64. (ORIGINAL) The transmission media of claim 60, further comprising creating a 
connection from a Portal on a client computer on the Intranet to a packet filter on a firewall bastion 
host computer on the Intranet through the secure connection and from the packet filer to a Gate on 
a host computer on the Internet through the secure connection. 

65. (ORIGINAL) The transmission media of claim 40, further comprising accessing a first 
Intranet from a second Intranet across the Internet using the secure connection. 

66. (ORIGINAL) The transmission media of claim 65, further comprising creating a 
connection from a Portal on a client computer on the first Intranet to a Gate on a firewall bastion 
host computer on the first Intranet through the secure connection, and from the Gate on the 
firewall bastion host computer on the first Intranet through the Internet to a Gate on a firewall 
bastion host computer on the second Intranet through the secure connection, and from the Gate on 
the firewall bastion host computer on the second Intranet to a host computer on the second 
Intranet through the secure connection. 

67. (ORIGINAL) The transmission media of claim 40, wherein records are exchanged 
between the endpoints of the secure connection. 
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68. (ORIGINAL) The transmission media of claim 67, wherein the records are selected 
from a group comprising: UsherOpen, UsherOpenReply, UsherSend, Usher-Close, UsherSendUdp, 
UsherAck, UsherEnd, and UsherRST records. 

69. (ORIGINAL) The transmission media of claim 68, -wherein the UsherOpen records are 
sent by a Portal to a Gate to open a Transmission Control Protocol (TCP) connection. 

70. (ORIGINAL) The transmission media of claim 68, wherein the UsherOpenReply 
records are sent by a Gate to a Portal to respond to an UsherOpen record 

71. (ORIGINAL) The transmission media of claim 68, wherein the UsherSend records are 
sent by either a Gate or a Portal to transmit data therebetween. 

72. (ORIGINAL) The transmission media of claim 68, wherein the UsherAck records are 
sent by either a Gate or a Portal to acknowledge a receipt of data therebetween. 

73. (ORIGINAL) The transmission media of claim 68, wherein the UsherAck records are 
not send when data received by either a Gate or a Portal is queued prior to being forwarded to its 
destination. 

74. (ORIGINAL) The transmission media of claim 68, wherein the- UsherAck records are 
sent only when data received by either a Gate or a Portal has been forwarded to its destination. 

75. (ORIGINAL) The transmission media of claim 68, wherein the UsherOose records are 
sent by either a Gate or a Portal to terminate a session. 

76. (ORIGINAL) The transmission media of claim 68, wherein the UsherSendUdp records 
are sent by either a Gate or a Portal to transmit UDP (User Datagram Protocol) packets 
therebetween. 
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77. (ORIGINAL) The transmission media of claim 68, wherein the UsherEnd records are 
sent by either a Gate or a Portal to terminate a multiplexed other connection. 

78. (ORIGINAL) The transmission media of claim 68, wherein the UsherRST records are 
sent by either a Gate or a Portal to reset a multiplexed other connection. 

79. (PREVIOUSLY PRESENTED) A method for network multiplexing and tunneling, 
comprising: 

(a) opening a single Transmission Control Protocol (TCP) connection at a user-level 
between at least two endpoints in the network; 

(b) establishing a secure connection using Secure Sockets Layer (SSL) over the opened 
Transmission Control Protocol (TCP) connection] 

(c) mutually authenticating each of the endpoints of the secure connection; and 

(d) multiplexing other connections through the secure connection once both of the 
endpoints have been authenticated, wherein either endpoint of the secure connection can receive 
connection requests for the multiplexed other connections. 

80. (ORIGINAL) The method of claim 79, wherein the other connections are selected from 
a group comprising Transmission Control Protocol (TCP) and UDP (User Datagram Protocol) 
connections. 

81. (ORIGINAL) The meihod of claim 79, wherein the secure connection is symmetric. 

82. (CANCELED) 

83. (ORIGINAL) The method of claim 79, wherein either endpoint of the secure 
connection can receive data. 

84. (ORIGINAL) Hie method of claim 79, further comprising mamtaining send buffers on 
each endpoint. 
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85. (ORIGINAL) The method of claim 79, further comprising forwarding data through the 
secure connection when there are sufficient send buffers for receiving the forwarded data on the 
other endpoint. 

86. (ORIGINAL) The method of claim 79, further comprising queuing data received at each 
endpoint. 

87. (ORIGINAL) The method of claim 86, further comprising dispatching the queued data 
at each endpoint to its final destination. 

88. (ORIGINAL) Hie method of claim 87, further comprising acknowledging receipt of the 
data after the queued data is dispatched to its final destination, thereby tracking usage of buffers at 
the endpoint. 

89. (ORIGINAL) The method of claim 79, further comprising buffering data transmitted 
through the multiplexed other connections for flow control through the secure connection. 

90. (ORIGINAL) The method of claim 79, further comprising resolving domain names 
through the secure connection. 

91. (ORIGINAL) The method of claim 79, further comprising operating the secure 
connection according to a mode selected from a group comprising a s ta n dal one proxy mode, a 
packet filter mode, and a SOCECetS server (SOCKS) mode. 

92. (ORIGINAL) The method of claim 79, wherein the endpoims comprise a Portal and a 

Gate. 

93. (ORIGINAL) The method of claim 92, wherein the Gate comprises a server executed by 
a firewall bastion host computer. 

94. (ORIGINAL) The method of claim 92, wherein the Portal comprises a client executed 
by a user's computer. 
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95. (ORIGINAL) The method of claim 79, further comprising accessing an Intranet from 
the Internet using the secure connection. 

96. (ORIGINAL) The method of claim 95, further comprising creating a connection from a 
Portal on a client computer on the Internet to a Gate on a firewall bastion host computer on the 
Intranet through the secure connection. 

97. (ORIGINAL) The method of claim 95, further comprising creating a connection from a 
Portal on a client computer on the Internet to a proxy on a firewall bastion host computer on the 
Intranet through the secure connection and from the proxy to a Gate on a host computer on the 
Intranet through the secure connection. 

98. (ORIGINAL) The method of claim 95, further comprising creating a connection from a 
Portal on a client computer on the Internet to a packet filter on a firewall bastion host computer on 
the Intranet through the secure connection and from the packet filer to a Gate on a host computer 
on the Intranet through the secure connection. 

99. (ORIGINAL) The method of claim 79, further comprising accessing the Internet from 
an Intranet using the secure connection. 

100. (ORIGINAL) The method of claim 99, further comprising creating a connection from 
a Portal on a client computer on the Intranet to a Gate on a host computer on the Internet through 
the secure connection. 

101. (ORIGINAL) The method of claim 99, further comprising creating a connection from 
a Portal on a firewall bastion host computer on the Intranet to a host computer on the Internet 
through the secure connection. 

102. (ORIGINAL) The method of claim 99, further comprising creating a connection from 
a Portal on a client computer on the Intranet to a proxy on a firewall bastion host computer on the 
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Intranet through the secure connection and from the proxy to a Gate on a host computer on the 
Internet through the secure connection, 

103. (ORIGINAL) The method of claim 99, further comprising creating a connection from 
a Portal on a client computer on the Intranet to a packet filter on a firewall bastion host computer 
on the Intranet through the secure connection and from the packet filer to a Gate on a host 
computer on the Internet through the secure connection. 

104. (ORIGINAL) The method of claim 79, further comprising accessing a first Intranet 
from a second Intranet across the Internet using the secure connection. 

105. (ORIGINAL) The method of claim 104, further comprising creating a connection from 
a Portal on a client computer on the first Intranet to a Gate on a firewall bastion host computer on 
the first Intranet through the secure connection, and from the Gate on the firewall bastion host 
computer on the first Intranet through the Internet to a Gate on a firewall bastion host computer on 
the second Intranet through the secure connection, and from the Gate on the firewall bastion host 
computer on the second Intranet to a host computer on the second Intranet through the secure 
connection. 

106. (ORIGINAL) The method of claim 79, wherein records are exchanged between the 
endpoints of the secure connection, 

107. (ORIGINAL) The method of claim 106, wherein the records are selected from a group 
comprising: UsherOpen, UsherOpenReply, UsherSend, UsherOose, UsherSendUdp, UsherAck, 
UsherEnd, and UsherRST records. 

108. (ORIGINAL) The method of claim 107, wherein the UsherOpen records are sent by a 
Portal to a Gate to open a Transmission Control Protocol (TCP) connection. 

109. (ORIGINAL) The method of claim 107, wherein the UsherOpenReply records are sent 
by a Gate to a Portal to respond to an UsherOpen record. 
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110. (ORIGINAL) The method of claim 1 07, wherein the UsherScnd records ate sent by 
either a Gate Ot a Portal to transmit data therebetween. 

111. (ORIGINAL) The method of Haim 107, wherein the UsherAck records axe sent by 
either a Gate or a. Portal to acknowledge a receipt of data therebetween. 

112. (ORIGINAL) The method of ckim 107, wherein the UsherAck records arc not send 
when data received by either a Gate or a Portal is queued prior to being forwarded to its desunadon. 

113. (ORIGINAL) The method of claim 107, wherein the UsherAck records are sent only 
when data received by either a Gate or a Portal has been forwarded to its desrination- 

114. (ORIGINAL) The method of claim 107, wherein the UsherClose records are sent by 
either a Gate or a Portal to terminate a session. 

115. (ORIGINAL) The method of claim 107, wherein the UsherSendUdp records arc sent 
by either a Gate or a Portal to transmit UDP (User Datagram Protocol) packets therebetween. 

116- (ORIGINAL) The method of claim 107, wherein the UsherEnd records are sent by 
either a Gate or a Portal to terminate a multiplexed other connection, 

117. (ORIGINAL) The method of claim 107, wherein the UsherRST records are sent by 
either a Gate or a Portal to reset a multiplexed other connection. 
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